One person can tell a lie, but a company consists of many people. You must ensure that only few people know of the logging or there will be a risk of a leak.

▲

michaelt 3 minutes ago | parent | next [-]

Well, there should only be a few people with the access needed to discover logging is happening.

You'll have a server image where SSH can be toggled on using a config value in the test environment, to assist in debugging. That's normal. Don't worry, it's turned off in production. Obviously you're going to deploy the same server image you tested, only idiots test one thing and deploy another.

And you'll have a high security configuration management tool, to look after your production TLS keys and suchlike. Only a tiny handful of people have access to view production configuration values.

▲

arcfour an hour ago | parent | prev | next [-]

An intelligence agency already consists of more people than you need to run a VPN service.

▲

im3w1l 20 minutes ago | parent [-]

Still I think it's easier to avoid the need for more people than necessary. "Just lie" sounds like the easiest solution but on closer inspection maybe it is not?

	▲	arcfour 14 minutes ago \| parent [-]
		Because if you lie you get infinitely more data than if you don't lie. And if you lie you can do it completely in secret whereas if you don't lie you get articles like the OP exposing the teeny amount of data you're trying to collect. It makes no sense.

▲

xboxnolifes an hour ago | parent | prev [-]

Intelligence agencies... are generally pretty good at that.